Mike
My take:
re security: many studies looking at database "security" conclude that admin staff and (gasp!) the sysop are the most important data security concern rather than hackers. Admin staff need access to our financial/health data etc; HR rules and reviews are what prevents misuse. Sysops can and do bypass logging to access data; ditto. The best security policy is probably to cultivate an environment of professionalism, responsibility and peer review.
re scalability: I see no technical reason why SQL Server saving data into a "database" which is in fact a file that can be copied (or deleted) just like any other file, is somehow better than a "database" split into multiple files. Most C/S advantages are caused by centralised database processing, network transfer of datasets rather than tables, and physical data read/writes on the server with UPS etc rather than on PCs affected by brownouts, flaky network cards, network gremlins, users flicking computers off because "I changed my mind and didn't want to Save" and other horrors.
From memory, Dr Dave was contemplating a server version of FP before he sold out; he and his team also used a 10-byte Memo placeholder which from memory was to be used for "chaining" memos to improve reliability. The 10 bytes was reduced to 4 bytes in ? FP2.6a.
I also agree with your points about stateless access. Even that most online-oriented application, "the Browser", caches files locally so you can browse offline and/or avoid repeated downloads of the same image or page.
Regards
JR
"... They ne'er cared for us
yet: suffer us to famish, and their store-houses
crammed with grain; make edicts for usury, to
support usurers; repeal daily any wholesome act
established against the rich, and provide more
piercing statutes daily, to chain up and restrain
the poor. If the wars eat us not up, they will; and
there's all the love they bear us."
-- Shakespeare: Coriolanus, Act 1, scene 1